堆栈内存溢出
  简体   繁体   English

SQL Server中的SSIS:如何获取它来存储密码

[英]SSIS in SQL Server: How to get it to store password

 原文  2015-04-06 11:13:22       sql-server/ sql-server-2008/ ssis/ sql-server-2008-r2

问题描述

I am an Oracle guy who suddenly got SQL Server and SSIS dropped in his lap, so I am probably not using the terminology in the correct manner, but here goes: 我是一个Oracle专家,突然把SQL Server和SSIS丢在了他的腿上,所以我可能没有以正确的方式使用该术语,但是这里有:

There is a SSIS package that pulls data from the Oracle database into our SQL Server 2008 R2 warehouse. 有一个SSIS包,可将数据从Oracle数据库提取到我们的SQL Server 2008 R2仓库中。 If I open this package in SSIS Visual Studio 2008, I get prompted for a password: 如果我在SSIS Visual Studio 2008中打开此程序包,则会提示我输入密码:

The sensitive data in the package 'MyRefresh.dtsx' is encrypted with a password. 软件包“ MyRefresh.dtsx”中的敏感数据已使用密码加密。

for the package itself. 包装本身。 I enter the password. 我输入密码。 I run the package. 我运行程序包。 Works great. 效果很好。 The previous guy had loaded this package into SQL Server with a job to run at 1am every day and it worked great there too. 前一个家伙已经将此程序包加载到SQL Server中,并且每天要在凌晨1点运行,并且在那里工作也很好。

Recently, there were some database changes. 最近,发生了一些数据库更改。 The package, of course, stopped working. 该程序包当然停止工作了。 I was able to fix it, and, again, it runs great if run through SSIS Visual Studio 2008. However, when I loaded it into SQL Server, and the job runs, it fails with: 我能够修复它,并且再次通过SSIS Visual Studio 2008运行时,它运行良好。但是,当我将其加载到SQL Server中并运行该作业时,它失败并显示:

0xC001405F Failed to decrypt an encrypted XML node because the password was not specified or not correct. 0xC001405F由于未指定密码或密码不正确,无法解密加密的XML节点。

Where/how to I specify the password so the job can run? 我在哪里/如何指定密码以便作业可以运行?

3 个解决方案

解决方案1
 8  2017-04-05 12:30:08

Late answer, but might be helpful to other users/thread visitors 答案较晚,但可能对其他用户/线程访问者有帮助

In short, to load the package to SQL Server it must be exported with new credentials specified, and then imported back into specified folder. 简而言之,要将程序包加载到SQL Server,必须使用指定的新凭据将其导出,然后再导入回指定的文件夹中。

Here is the article I found on setting the SSIS package encryption manually in SSMS , that provides a quick tutorial on how to Import/Export an encrypted package. 这是我在SSMS中手动设置SSIS包加密的文章,该文章提供了有关如何导入/导出加密包的快速教程。

Please note that the Protection level option regards sensitive data, in one case, or all the data included in particular package in other. 请注意,在一种情况下,“保护级别”选项涉及敏感数据,而在另一种情况下则涉及特定包装中包含的所有数据。 Data that is considered sensitive is set by default in Integration Services: variables previously marked as delicate, non-changeable XML tags, which are controlled by the SSIS service, and password, which can be considered sensitive if the 'Encrypt all data with password' is chosen. 默认情况下,在Integration Services中设置被认为敏感的数据:先前标记为精致,不可更改的XML标记(由SSIS服务控制)的变量和密码,如果“使用密码加密所有数据”,则可以视为敏感数据被选中。

Package protection levels: 包装保护等级:

  • Do not save sensitive data: if sensitive data exists, it will not be included after the exporting of the new package, remaining unavailable; 不要保存敏感数据:如果存在敏感数据,则在导出新软件包后将不包括敏感数据,使其不可用;
  • Encrypt sensitive data with user key: sensitive data will be encrypted with current user credentials, and package still can be used on local server. 使用用户密钥加密敏感数据:敏感数据将使用当前用户凭据进行加密,并且程序包仍可以在本地服务器上使用。 Which data will be considered as sensitive, depends on the creator/owner of the package; 哪些数据将被视为敏感数据,取决于数据包的创建者/所有者;
  • Encrypt sensitive data with password: with this level, a password must be provided – this kind of encryption is desirable, if user want to keep only sensitive data private. 用密码加密敏感数据:在此级别,必须提供密码-如果用户只想将敏感数据保密,则需要这种加密。
  • Encrypt all data with user key: same as the encryption of sensitive data, it can be used on local server, but it regards all the data within the package; 使用用户密钥加密所有数据:与敏感数据的加密相同,可以在本地服务器上使用它,但它会考虑包中的所有数据;
  • Encrypt all data with password: this level encrypts all data within the package, password is required, and it provides a 100% privacy. 使用密码加密所有数据:此级别对程序包中的所有数据进行加密,需要密码,并提供100%的隐私。

Hope this info is helpful. 希望此信息对您有所帮助。

解决方案2
 3  2015-04-06 11:51:28

If you have the opportunity I suggest you no longer use the EncryptAllWithPassword protection level. 如果有机会,我建议您不再使用EncryptAllWithPassword保护级别。 Read here for more info about package encryption levels: 在此处阅读有关软件包加密级别的更多信息:

http://sqlblog.com/blogs/eric_johnson/archive/2010/01/12/understanding-the-ssis-package-protection-level.aspx http://sqlblog.com/blogs/eric_johnson/archive/2010/01/12/understanding-the-ssis-package-protection-level.aspx

In short the idea of package encryption is to stop people opening up the package XML to extract plain text passwords. 简而言之,包加密的想法是阻止人们打开包XML以提取纯文本密码。 But generally this is implemented in a insecure manner which defeats the purpose. 但是通常这是以不安全的方式实现的,这无法达到目的。

I suggest you use windows authentication throughout instead: 我建议您改用Windows身份验证:

  1. Ensure your Oracle server supports external authentication 确保您的Oracle服务器支持外部身份验证
  2. Create an externally identified login to Oracle using the SQL Agent windows service account 使用SQL Agent Windows服务帐户创建外部标识的Oracle登录
  3. In your Oracle connection manager, use external authentication (login with user / and no password) 在您的Oracle连接管理器中,使用外部身份验证(使用用户/登录,无需密码)
  4. If you have any SQL Server connection managers you need to do the same (in SQL Server this is called windows authentication) 如果您有任何SQL Server连接管理器,则需要执行相同的操作(在SQL Server中,这称为Windows身份验证)
  5. Lastly ensure that all developers are set up with windows authentication in SQL Server and Externally identified authentication in Oracle so they can run the package in BIDS 最后,确保所有开发人员都在SQL Server中设置了Windows身份验证,并在Oracle中设置了外部标识的身份验证,以便他们可以在BIDS中运行该程序包

Now you don't need to encrypt your package anymore (you can use DontSaveSensitive ). 现在,您不再需要加密程序包(可以使用DontSaveSensitive )。 The authority for all operations are against the SQL Agent service account. 所有操作的权限均针对SQL Agent服务帐户。

You don't need to remember a package password or an Orace login password any more. 您无需再记住软件包密码或Orace登录密码。

Also for example if you need to rotate the password on your Oracle login, originally you would have to go and change this password in Oracle and in your package. 同样,例如,如果您需要轮换Oracle登录名上的密码,则最初您必须在Oracle 软件包中更改该密码。 But by using windows authentication this is no longer necessary. 但是通过使用Windows身份验证,这不再是必需的。

I can give you more info if you are interested. 如果您有兴趣,我可以给您更多信息。

解决方案3
 1 已采纳  2015-04-06 11:35:55

您可以将/de开关与dtexec实用程序一起使用来输入密码,如下所示: 

dtexec /f <filename> /de <password>

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何最好地在 SQL Server 中存储密码以便可以检索密码 - How best to store a password in SQL Server so that the password can be retrieved SSIS父级不需要密码,但子级软件包却需要密码-如何使它在SQL Server代理中运行? - SSIS parent doesn't need password but child packages do - how do I get this to run in SQL server Agent? SQL Server在哪里存储SSIS包? - Where does SQL Server store the SSIS packages? 如何在SQL Server 2008 R2中存储哈希密码 - How to store a hashed password in SQL Server 2008 R2 ASP.NET Sql Server 2008 如何在数据库中存储密码 - ASP.NET Sql Server 2008 How to store password in database 如何从SSIS中的SQL Server获取错误代码 - How do i get the error code from sql server in ssis SSIS ODBC源未在SQL Server代理作业中保存密码 - SSIS ODBC Source not saving password in SQL Server agent job 将 SQL 服务器 sa 密码存储在秘密管理器中 - Store SQL Server sa password in secret manager 在SQL Server中存储,检索和验证密码(SecureString) - Store, retrieve and validate password (SecureString) in SQL Server 将密码存储到SQL Server 2008中的适当格式? - Appropriate format to store password into SQL Server 2008?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM